using System;

namespace PickGold.Zip
{
	/// <summary>
	///   This class implements the "traditional" or "classic" PKZip encryption,
	///   which today is considered to be weak. On the other hand it is
	///   ubiquitous. This class is intended for use only by the DotNetZip
	///   library.
	/// </summary>
	///
	/// <remarks>
	///   Most uses of the DotNetZip library will not involve direct calls into
	///   the ZipCrypto class.  Instead, the ZipCrypto class is instantiated and
	///   used by the ZipEntry() class when encryption or decryption on an entry
	///   is employed.  If for some reason you really wanted to use a weak
	///   encryption algorithm in some other application, you might use this
	///   library.  But you would be much better off using one of the built-in
	///   strong encryption libraries in the .NET Framework, like the AES
	///   algorithm or SHA.
	/// </remarks>
	internal class ZipCrypto
	{
		/// <summary>
		///   The default constructor for ZipCrypto.
		/// </summary>
		///
		/// <remarks>
		///   This class is intended for internal use by the library only. It's
		///   probably not useful to you. Seriously.  Stop reading this
		///   documentation.  It's a waste of your time.  Go do something else.
		///   Check the football scores. Go get an ice cream with a friend.
		///   Seriously.
		/// </remarks>
		///
		private ZipCrypto() { }

		public static ZipCrypto ForWrite(string password)
		{
			ZipCrypto z = new ZipCrypto();
			if (password == null)
				throw new BadPasswordException("This entry requires a password.");
			z.InitCipher(password);
			return z;
		}


		public static ZipCrypto ForRead(string password, ZipEntry e)
		{
			System.IO.Stream s = e._archiveStream;
			e._WeakEncryptionHeader = new byte[12];
			byte[] eh = e._WeakEncryptionHeader;
			ZipCrypto z = new ZipCrypto();

			if (password == null)
				throw new BadPasswordException("This entry requires a password.");

			z.InitCipher(password);

			ZipEntry.ReadWeakEncryptionHeader(s, eh);

			// Decrypt the header.  This has a side effect of "further initializing the
			// encryption keys" in the traditional zip encryption.
			byte[] DecryptedHeader = z.DecryptMessage(eh, eh.Length);

			// CRC check
			// According to the pkzip spec, the final byte in the decrypted header
			// is the highest-order byte in the CRC. We check it here.
			if (DecryptedHeader[11] != (byte)((e._Crc32 >> 24) & 0xff))
			{
				// In the case that bit 3 of the general purpose bit flag is set to
				// indicate the presence of an 'Extended File Header' or a 'data
				// descriptor' (signature 0x08074b50), the last byte of the decrypted
				// header is sometimes compared with the high-order byte of the
				// lastmodified time, rather than the high-order byte of the CRC, to
				// verify the password.
				//
				// This is not documented in the PKWare Appnote.txt.  It was
				// discovered this by analysis of the Crypt.c source file in the
				// InfoZip library http://www.info-zip.org/pub/infozip/
				//
				// The reason for this is that the CRC for a file cannot be known
				// until the entire contents of the file have been streamed. This
				// means a tool would have to read the file content TWICE in its
				// entirety in order to perform PKZIP encryption - once to compute
				// the CRC, and again to actually encrypt.
				//
				// This is so important for performance that using the timeblob as
				// the verification should be the standard practice for DotNetZip
				// when using PKZIP encryption. This implies that bit 3 must be
				// set. The downside is that some tools still cannot cope with ZIP
				// files that use bit 3.  Therefore, DotNetZip DOES NOT force bit 3
				// when PKZIP encryption is in use, and instead, reads the stream
				// twice.
				//

				if ((e._BitField & 0x0008) != 0x0008)
				{
					throw new BadPasswordException("The password did not match.");
				}
				else if (DecryptedHeader[11] != (byte)((e._TimeBlob >> 8) & 0xff))
				{
					throw new BadPasswordException("The password did not match.");
				}

				// We have a good password.
			}
			else
			{
				// A-OK
			}
			return z;
		}




		/// <summary>
		/// From AppNote.txt:
		/// unsigned char decrypt_byte()
		///     local unsigned short temp
		///     temp :=- Key(2) | 2
		///     decrypt_byte := (temp * (temp ^ 1)) bitshift-right 8
		/// end decrypt_byte
		/// </summary>
		private byte MagicByte
		{
			get
			{
				UInt16 t = (UInt16)((UInt16)(_Keys[2] & 0xFFFF) | 2);
				return (byte)((t * (t ^ 1)) >> 8);
			}
		}

		// Decrypting:
		// From AppNote.txt:
		// loop for i from 0 to 11
		//     C := buffer(i) ^ decrypt_byte()
		//     update_keys(C)
		//     buffer(i) := C
		// end loop


		/// <summary>
		///   Call this method on a cipher text to render the plaintext. You must
		///   first initialize the cipher with a call to InitCipher.
		/// </summary>
		///
		/// <example>
		///   <code>
		///     var cipher = new ZipCrypto();
		///     cipher.InitCipher(Password);
		///     // Decrypt the header.  This has a side effect of "further initializing the
		///     // encryption keys" in the traditional zip encryption.
		///     byte[] DecryptedMessage = cipher.DecryptMessage(EncryptedMessage);
		///   </code>
		/// </example>
		///
		/// <param name="cipherText">The encrypted buffer.</param>
		/// <param name="length">
		///   The number of bytes to encrypt.
		///   Should be less than or equal to CipherText.Length.
		/// </param>
		///
		/// <returns>The plaintext.</returns>
		public byte[] DecryptMessage(byte[] cipherText, int length)
		{
			if (cipherText == null)
				throw new ArgumentNullException("cipherText");

			if (length > cipherText.Length)
				throw new ArgumentOutOfRangeException("length",
													  "Bad length during Decryption: the length parameter must be smaller than or equal to the size of the destination array.");

			byte[] plainText = new byte[length];
			for (int i = 0; i < length; i++)
			{
				byte C = (byte)(cipherText[i] ^ MagicByte);
				UpdateKeys(C);
				plainText[i] = C;
			}
			return plainText;
		}

		/// <summary>
		///   This is the converse of DecryptMessage.  It encrypts the plaintext
		///   and produces a ciphertext.
		/// </summary>
		///
		/// <param name="plainText">The plain text buffer.</param>
		///
		/// <param name="length">
		///   The number of bytes to encrypt.
		///   Should be less than or equal to plainText.Length.
		/// </param>
		///
		/// <returns>The ciphertext.</returns>
		public byte[] EncryptMessage(byte[] plainText, int length)
		{
			if (plainText == null)
				throw new ArgumentNullException("plaintext");

			if (length > plainText.Length)
				throw new ArgumentOutOfRangeException("length",
													  "Bad length during Encryption: The length parameter must be smaller than or equal to the size of the destination array.");

			byte[] cipherText = new byte[length];
			for (int i = 0; i < length; i++)
			{
				byte C = plainText[i];
				cipherText[i] = (byte)(plainText[i] ^ MagicByte);
				UpdateKeys(C);
			}
			return cipherText;
		}


		/// <summary>
		///   This initializes the cipher with the given password.
		///   See AppNote.txt for details.
		/// </summary>
		///
		/// <param name="passphrase">
		///   The passphrase for encrypting or decrypting with this cipher.
		/// </param>
		///
		/// <remarks>
		/// <code>
		/// Step 1 - Initializing the encryption keys
		/// -----------------------------------------
		/// Start with these keys:
		/// Key(0) := 305419896 (0x12345678)
		/// Key(1) := 591751049 (0x23456789)
		/// Key(2) := 878082192 (0x34567890)
		///
		/// Then, initialize the keys with a password:
		///
		/// loop for i from 0 to length(password)-1
		///     update_keys(password(i))
		/// end loop
		///
		/// Where update_keys() is defined as:
		///
		/// update_keys(char):
		///   Key(0) := crc32(key(0),char)
		///   Key(1) := Key(1) + (Key(0) bitwiseAND 000000ffH)
		///   Key(1) := Key(1) * 134775813 + 1
		///   Key(2) := crc32(key(2),key(1) rightshift 24)
		/// end update_keys
		///
		/// Where crc32(old_crc,char) is a routine that given a CRC value and a
		/// character, returns an updated CRC value after applying the CRC-32
		/// algorithm described elsewhere in this document.
		///
		/// </code>
		///
		/// <para>
		///   After the keys are initialized, then you can use the cipher to
		///   encrypt the plaintext.
		/// </para>
		///
		/// <para>
		///   Essentially we encrypt the password with the keys, then discard the
		///   ciphertext for the password. This initializes the keys for later use.
		/// </para>
		///
		/// </remarks>
		public void InitCipher(string passphrase)
		{
			byte[] p = SharedUtilities.StringToByteArray(passphrase);
			for (int i = 0; i < passphrase.Length; i++)
				UpdateKeys(p[i]);
		}


		private void UpdateKeys(byte byteValue)
		{
			_Keys[0] = (UInt32)crc32.ComputeCrc32((int)_Keys[0], byteValue);
			_Keys[1] = _Keys[1] + (byte)_Keys[0];
			_Keys[1] = _Keys[1] * 0x08088405 + 1;
			_Keys[2] = (UInt32)crc32.ComputeCrc32((int)_Keys[2], (byte)(_Keys[1] >> 24));
		}

		///// <summary>
		///// The byte array representing the seed keys used.
		///// Get this after calling InitCipher.  The 12 bytes represents
		///// what the zip spec calls the "EncryptionHeader".
		///// </summary>
		//public byte[] KeyHeader
		//{
		//    get
		//    {
		//        byte[] result = new byte[12];
		//        result[0] = (byte)(_Keys[0] & 0xff);
		//        result[1] = (byte)((_Keys[0] >> 8) & 0xff);
		//        result[2] = (byte)((_Keys[0] >> 16) & 0xff);
		//        result[3] = (byte)((_Keys[0] >> 24) & 0xff);
		//        result[4] = (byte)(_Keys[1] & 0xff);
		//        result[5] = (byte)((_Keys[1] >> 8) & 0xff);
		//        result[6] = (byte)((_Keys[1] >> 16) & 0xff);
		//        result[7] = (byte)((_Keys[1] >> 24) & 0xff);
		//        result[8] = (byte)(_Keys[2] & 0xff);
		//        result[9] = (byte)((_Keys[2] >> 8) & 0xff);
		//        result[10] = (byte)((_Keys[2] >> 16) & 0xff);
		//        result[11] = (byte)((_Keys[2] >> 24) & 0xff);
		//        return result;
		//    }
		//}

		// private fields for the crypto stuff:
		private UInt32[] _Keys = { 0x12345678, 0x23456789, 0x34567890 };
		private CRC32 crc32 = new CRC32();

	}

	internal enum CryptoMode
	{
		Encrypt,
		Decrypt
	}

	/// <summary>
	///   A Stream for reading and concurrently decrypting data from a zip file,
	///   or for writing and concurrently encrypting data to a zip file.
	/// </summary>
	internal class ZipCipherStream : System.IO.Stream
	{
		private ZipCrypto _cipher;
		private System.IO.Stream _s;
		private CryptoMode _mode;

		/// <summary>  The constructor. </summary>
		/// <param name="s">The underlying stream</param>
		/// <param name="mode">To either encrypt or decrypt.</param>
		/// <param name="cipher">The pre-initialized ZipCrypto object.</param>
		public ZipCipherStream(System.IO.Stream s, ZipCrypto cipher, CryptoMode mode)
			: base()
		{
			_cipher = cipher;
			_s = s;
			_mode = mode;
		}

		public override int Read(byte[] buffer, int offset, int count)
		{
			if (_mode == CryptoMode.Encrypt)
				throw new NotSupportedException("This stream does not encrypt via Read()");

			if (buffer == null)
				throw new ArgumentNullException("buffer");

			byte[] db = new byte[count];
			int n = _s.Read(db, 0, count);
			byte[] decrypted = _cipher.DecryptMessage(db, n);
			for (int i = 0; i < n; i++)
			{
				buffer[offset + i] = decrypted[i];
			}
			return n;
		}

		public override void Write(byte[] buffer, int offset, int count)
		{
			if (_mode == CryptoMode.Decrypt)
				throw new NotSupportedException("This stream does not Decrypt via Write()");

			if (buffer == null)
				throw new ArgumentNullException("buffer");

			// workitem 7696
			if (count == 0) return;

			byte[] plaintext = null;
			if (offset != 0)
			{
				plaintext = new byte[count];
				for (int i = 0; i < count; i++)
				{
					plaintext[i] = buffer[offset + i];
				}
			}
			else plaintext = buffer;

			byte[] encrypted = _cipher.EncryptMessage(plaintext, count);
			_s.Write(encrypted, 0, encrypted.Length);
		}


		public override bool CanRead
		{
			get { return (_mode == CryptoMode.Decrypt); }
		}
		public override bool CanSeek
		{
			get { return false; }
		}

		public override bool CanWrite
		{
			get { return (_mode == CryptoMode.Encrypt); }
		}

		public override void Flush()
		{
			//throw new NotSupportedException();
		}

		public override long Length
		{
			get { throw new NotSupportedException(); }
		}

		public override long Position
		{
			get { throw new NotSupportedException(); }
			set { throw new NotSupportedException(); }
		}
		public override long Seek(long offset, System.IO.SeekOrigin origin)
		{
			throw new NotSupportedException();
		}

		public override void SetLength(long value)
		{
			throw new NotSupportedException();
		}
	}
}
